Hello Terry, I have also had battles with SELinux. Much of the time loosing the battle. There are usually some complaints in the logs that can be used to modify rules. I have also been using the Apache module mod_security. I ended up some time ago disabling SELinux (on Fedora 14). On Centos I also ended up shutting down SELinux.
If someone does have a good book on SELinux I would certainly be interested in having a look. Dave KU4B On Wed, 2011-02-23 at 08:09 -0800, Terry Trapp wrote: > I have recently been brought back from the Dark Sideā¢ to administer some > Linux boxen. Something that has changed in my absence is that SELinux is now > enabled by default and appears to have a fairly prohibitive default policy. > (On CentOS) I would like to draw on the group's experience and know your > thoughts, opinions and philosophy of how best to deal with it. > > My initial thought is to leave it enabled and adjust the policy as needed for > a given service. The issue I have ran into is that I have not found a > comprehensive CLI tool to administer the policy. Outright disabling it has > been the best answer in a couple of cases. > > Also, does anyone know of a good book that can give an overview of the > current implementation of SELinux? > > Thanks in advance! > --Terry > > > > -- You received this message because you are subscribed to the Google Groups "NLUG" group. To post to this group, send email to nlug-talk@googlegroups.com To unsubscribe from this group, send email to nlug-talk+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/nlug-talk?hl=en